diff options
author | Cédric Ollivier <cedric.ollivier@orange.com> | 2020-09-13 14:53:26 +0200 |
---|---|---|
committer | Cédric Ollivier <cedric.ollivier@orange.com> | 2020-09-13 14:58:47 +0200 |
commit | bced94b6fe24c7e939fb22834deb77477e4a9bb9 (patch) | |
tree | 5d36140197daa7e2b8d6d3280f8653bfe380e6a9 /docker | |
parent | b866c73d70079fdb52e5fc999f49a32d2af82349 (diff) |
Split kube-bench master and node
The former deployment asked for all-in-one.
Change-Id: I12e470cec9e82b82c6f3ea5ff2431087f5deb9be
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
Diffstat (limited to 'docker')
-rw-r--r-- | docker/security/testcases.yaml | 28 |
1 files changed, 22 insertions, 6 deletions
diff --git a/docker/security/testcases.yaml b/docker/security/testcases.yaml index e5423a47..c4f7e69b 100644 --- a/docker/security/testcases.yaml +++ b/docker/security/testcases.yaml @@ -2,7 +2,6 @@ tiers: - name: security - ci_loop: '(daily)|(weekly)' description: >- Set of basic security tests. testcases: @@ -15,17 +14,34 @@ tiers: Check that the kubernetes cluster has no known vulnerabilities run: - name: 'kube_hunter' + name: kube_hunter args: severity: high - - case_name: kube_bench + case_name: kube_bench_master project_name: functest criteria: 100 blocking: false description: >- - Check that the kubernetes cluster has no known - vulnerabilities + Checks whether Kubernetes is deployed securely by running + the master checks documented in the CIS Kubernetes + Benchmark. run: - name: 'kube_bench' + name: kube_bench + args: + target: master + + - + case_name: kube_bench_node + project_name: functest + criteria: 100 + blocking: false + description: >- + Checks whether Kubernetes is deployed securely by running + the node checks documented in the CIS Kubernetes + Benchmark. + run: + name: kube_bench + args: + target: node |